rpms/kdelibs
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9826456992
kdelibs/kdelibs-4.2.98-cve-2009-1725.patch
Kevin Kofler 9826456992 * Sun Jul 26 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 4.2.4-6 
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
- fix CVE-2009-0945 - NULL-pointer dereference in the SVGList interface impl
2009-07-26 04:20:01 +00:00

14 lines
549 B
Diff
Raw Blame History

Index: khtml/html/htmltokenizer.cpp
===================================================================
--- khtml/html/htmltokenizer.cpp (revision 1002162)
+++ khtml/html/htmltokenizer.cpp (revision 1002163)
@@ -1038,7 +1038,7 @@
#ifdef TOKEN_DEBUG
kDebug( 6036 ) << "unknown entity!";
#endif
- checkBuffer(10);
+ checkBuffer(11);
// ignore the sequence, add it to the buffer as plaintext
*dest++ = '&';
for(unsigned int i = 0; i < cBufferPos; i++)
Reference in New Issue View Git Blame Copy Permalink